Understanding and Combating the Economic Pull of Cybercrime
|Neha Chachra earned her PhD in computer science at UC San Diego in 2015.|
San Diego, Calif., Nov. 27, 2019 -- Computer science was an easy choice for Neha Chachra when she began her studies, she says. “Growing up, I had an aptitude for math, sciences and logic.” But security wasn’t on her radar until a summer internship at Google in Mountain View exposed her to kinds of problems that would define her career.
“That was really my first introduction to various attacks and how they subvert well-intentioned code, and I thought it was beautifully complex,” she recalls. Today, Chachra works as an Engineering Manager at Facebook, where she has been employed since 2016, leading a team that protects Facebook against abusive links, protecting the platform from harmful URLs that expose users to phishing, spamming and malware. The work is a natural progression of her research and interests at UC San Diego, where she received her Ph.D. in 2015.
She was drawn to UC San Diego’s research program as a way to explore her combined interest in economics and computer security. “Fortunately for me, Professors Stefan Savage and Geoff Voelker had just started looking into the economics of spam” says Chachra. “Working with them was one of the best decisions I ever made, as they turned out to be the most brilliant, yet kindest, advisers one could hope for.”
At UC San Diego, Chachra delved into research centered on understanding attacker ecosystems— namely, how people profit from cybercrime and spam. Her thesis on “Understanding URL Abuse for Profit” looked at how attackers mounted various kinds of affiliate marketing fraud and the effectiveness of different interventions – both existing and proposed – in undermining their profitability”
“Today,” she says, “the sum total of all my research and that of my peers [at UC San Diego] continues to guide me as I lead the engineering team at Facebook working on detection and the mitigation of abusive URLs.” The work requires Chachra to consider both technical solutions as well as a little psychological jujitsu.
“Given two solutions, it’s critical that I think about how attackers might respond to either solution, and pick the more resilient option,” she says. “In an odd way, to be successful in this field, one frequently learns to think like an attacker.”
“The most interesting aspect of all cybercrime is that there is a real human being on the other side, making rational choices to maximize profit as you or I would in any business,” Chachra adds. “Except unfortunately, these criminal activities hurt the people using the Internet. The difficulty of solving problems in the presence of a human adversary, coupled with the importance of this work in protecting people, is what truly keeps me working on it.”